use chrome TLS fingerprint as default

2022-10-15 00:30:34 +08:00
parent 6f48753890
commit ef230d49a0
5 changed files with 94 additions and 1 deletions
--- a/ws.go
+++ b/ws.go
@ -1,11 +1,13 @@
 package gost

 import (
+	"context"
 	"crypto/rand"
 	"crypto/sha1"
 	"crypto/tls"
 	"encoding/base64"
 	"github.com/gorilla/websocket"
+	utls "github.com/refraction-networking/utls"
 	"io"
 	"net"
 	"net/http"
@ -742,6 +744,77 @@ type websocketConn struct {
 	rb   []byte
 }

+var wsTlsSpec = &utls.ClientHelloSpec{
+	CipherSuites: []uint16{
+		utls.GREASE_PLACEHOLDER,
+		utls.TLS_AES_128_GCM_SHA256,
+		utls.TLS_AES_256_GCM_SHA384,
+		utls.TLS_CHACHA20_POLY1305_SHA256,
+		utls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+		utls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+		utls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+		utls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+		utls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+		utls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+		utls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+		utls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+		utls.TLS_RSA_WITH_AES_128_GCM_SHA256,
+		utls.TLS_RSA_WITH_AES_256_GCM_SHA384,
+		utls.TLS_RSA_WITH_AES_128_CBC_SHA,
+		utls.TLS_RSA_WITH_AES_256_CBC_SHA,
+	},
+	CompressionMethods: []byte{
+		0x00, // compressionNone
+	},
+	Extensions: []utls.TLSExtension{
+		&utls.UtlsGREASEExtension{},
+		&utls.SNIExtension{},
+		&utls.UtlsExtendedMasterSecretExtension{},
+		&utls.RenegotiationInfoExtension{Renegotiation: utls.RenegotiateOnceAsClient},
+		&utls.SupportedCurvesExtension{[]utls.CurveID{
+			utls.GREASE_PLACEHOLDER,
+			utls.X25519,
+			utls.CurveP256,
+			utls.CurveP384,
+		}},
+		&utls.SupportedPointsExtension{SupportedPoints: []byte{
+			0x00, // pointFormatUncompressed
+		}},
+		&utls.SessionTicketExtension{},
+		&utls.ALPNExtension{AlpnProtocols: []string{"http/1.1"}},
+		&utls.StatusRequestExtension{},
+		&utls.SignatureAlgorithmsExtension{SupportedSignatureAlgorithms: []utls.SignatureScheme{
+			utls.ECDSAWithP256AndSHA256,
+			utls.PSSWithSHA256,
+			utls.PKCS1WithSHA256,
+			utls.ECDSAWithP384AndSHA384,
+			utls.PSSWithSHA384,
+			utls.PKCS1WithSHA384,
+			utls.PSSWithSHA512,
+			utls.PKCS1WithSHA512,
+		}},
+		&utls.SCTExtension{},
+		&utls.KeyShareExtension{[]utls.KeyShare{
+			{Group: utls.CurveID(utls.GREASE_PLACEHOLDER), Data: []byte{0}},
+			{Group: utls.X25519},
+		}},
+		&utls.PSKKeyExchangeModesExtension{[]uint8{
+			utls.PskModeDHE,
+		}},
+		&utls.SupportedVersionsExtension{[]uint16{
+			utls.GREASE_PLACEHOLDER,
+			utls.VersionTLS13,
+			utls.VersionTLS12,
+		}},
+		&utls.UtlsCompressCertExtension{[]utls.CertCompressionAlgo{
+			utls.CertCompressionBrotli,
+		}},
+		&utls.ApplicationSettingsExtension{SupportedProtocols: []string{"h2"}},
+		&utls.UtlsGREASEExtension{},
+		&utls.UtlsPaddingExtension{GetPaddingLen: utls.BoringPaddingStyle},
+	},
+}
+
 func websocketClientConn(url string, conn net.Conn, tlsConfig *tls.Config, options *WSOptions) (net.Conn, error) {
 	if options == nil {
 		options = &WSOptions{}
@ -761,6 +834,15 @@ func websocketClientConn(url string, conn net.Conn, tlsConfig *tls.Config, optio
 		NetDial: func(net, addr string) (net.Conn, error) {
 			return conn, nil
 		},
+		NetDialTLSContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
+			client := utls.UClient(conn, &utls.Config{InsecureSkipVerify: tlsConfig.InsecureSkipVerify, ServerName: tlsConfig.ServerName}, utls.HelloCustom)
+			client.ApplyPreset(wsTlsSpec)
+			err := client.Handshake()
+			if err != nil {
+				return nil, err
+			}
+			return client, nil
+		},
 	}
 	header := http.Header{}
 	header.Set("User-Agent", DefaultUserAgent)